Date: Thu, 25 Jan 96 07:30:29 -0800
From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
To: James Seng <jseng@stf.org.sg>
Cc: Nathan Lawson <nlawson@statler.csc.calpoly.edu>, Michael Smith <msmith@atrad.adelaide.edu.au>, security@freebsd.org
Subject: Re: Ownership of files/tcp_wrappers port
Message-ID: <199601251530.HAA16987@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Thu, 25 Jan 96 10:16:55 +0800." <Pine.BSD/.3.91.960125100635.22383A-100000@fire.stf.org.sg>

James Seng <jseng@stf.org.sg> wrote:
> On Wed, 24 Jan 1996, Nathan Lawson wrote:
> > Pardon me. I was thinking of the many other nologin accounts that had a
> > null shell (meaning /bin/sh by default).
>
> Actually, even if bin has /nonexistant as a shell in passwd, it can
> still be logged into in various ways (rsh -l bin <machine> /bin/sh -i). In either
> case, one more account, one more trouble..but somehow, I still prefer BSD
> ways of letting bin own the binaries and not root like Linux..dunno why *8)
> Perhaps I think root has too much power? It seems like a none or all solution.
> In this aspect VMS is better I guess.

The reason bin exists in the first place is that when doing system
maintenance you su to bin, do your maintenance, and exit. This protects
the sysadmin from access to too much, preventing the obvious fat-finger
type of mistakes. The protection bin is supposed to give the sysadmin is
that access to user and critical system files is limited, thereby limiting
any potential damage done during system maintenance.

I don't know of anyone who follows this discipline, nor do I know of any
vendor who promotes it either.

Other than attempting to promote a management discipline, the ownership
by bin of binaries on a local filesystem has little relevance, while on
filesystems exported with write privileges it has more relevance.

Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
BC Systems Corp.            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

                "Quit spooling around, JES do it."